using System;
using System.IO;
using System.Text;
using System.Data;
using System.Windows.Forms;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Runtime.InteropServices;
using WeifenLuo.WinFormsUI.Base;

namespace WeifenLuo.WinFormsUI.Security
{
	/// <summary>
	/// Summary description for Ctrl_Security.
	/// </summary>
	public class Ctrl_Security
	{
		private SqlDataAdapter mAdapter4Update, mdaUserInfo, mdaUsersGroup, mdaGroups;
		private DataSet mdsUser;
		private string ms_EncryptKey = "{~!@#$%^&*()_+|;',./";

		public Ctrl_Security()
		{
			//
			// TODO: Add constructor logic here
			//
		}

		// This method is used check password when login or open some forms that 
		// need to check security password
		public int CheckLogin(string as_UserName, string as_Password)
		{
			try
			{
				// user name is empty --> return -1
				if (as_UserName == null || as_UserName.Length == 0) return -1;
				// password is empty --> return -2
				//if (as_Password == null || as_Password.Length == 0) return -2;
				
				// get users from users table
				mdsUser = new DataSet();
				SqlConnection lConn = new SqlConnection(GetConnectionString());
				string ls_SQL = "Select * From Users Where ID_User = '"+as_UserName+"'";
				mAdapter4Update = new SqlDataAdapter( ls_SQL, lConn);
				mAdapter4Update.Fill(mdsUser, "Users");
				lConn.Close();

				int li = mdsUser.Tables[0].Rows.Count;
				if (mdsUser.Tables[0].Rows.Count <= 0) return -3;

				// Encrypt the password b4 making the password comparison.
				if(li > 0) mdsUser.Clear();
                ls_SQL = "Select * From Users "
                       + " Where ID_User = '" + as_UserName + "' And Password = '123'";//+EncryptPassword(as_Password)+"'";
				mAdapter4Update = new SqlDataAdapter( ls_SQL, lConn);
				mAdapter4Update.Fill(mdsUser, "Users");
				lConn.Close();

				if(mdsUser.Tables[0].Rows.Count <= 0) return -5;
			
				/*DataRow ldrUsers = mdsUser.Tables[0].Rows[0];
				if (ldrUsers["ID_User"].ToString() == as_UserName && ldrUsers["Password"].ToString() == EncryptPassword(as_Password))
				{
					// Update the In_Used flag in the database to LOCK the current ID_User
					if (as_UserName != "ADMINISTRATOR")	ldrUsers["In_Used"] = true;
					if (lUsers._Status == ObjectState.Modified)
						mUsersSet.Update();
				}*/
				return 0;
			}
			catch (SqlException sqlEx)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At Check Login method", "Sql error message: " + sqlEx.Message);
				return -6;	
			}
			catch(Exception ex)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At Check Login method", "Error message: " + ex.Message);
				return -7;
			}
		}


		public int CheckUserLogonWindow(string as_UserName)
		{
			try
			{
				// user name is empty --> return -1
				if (as_UserName == null || as_UserName.Length == 0) return -1;
				// get users from users table
				mdsUser = new DataSet();
				SqlConnection lConn = new SqlConnection(GetConnectionString());
				string ls_SQL = "Select * From Users Where ID_User = '"+as_UserName+"'";
				mAdapter4Update = new SqlDataAdapter(ls_SQL, lConn);
				mAdapter4Update.Fill(mdsUser, "Users");
				lConn.Close();

				int li = mdsUser.Tables[0].Rows.Count;
				if (mdsUser.Tables[0].Rows.Count <= 0) return -3;
				return 0;
			}
			catch (SqlException sqlEx)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At CheckUserLogonWindow method", "Sql error message: " + sqlEx.Message);
				return -6;	
			}
			catch(Exception ex)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At CheckUserLogonWindow method", "Error message: " + ex.Message);
				return -7;
			}
		}

		public DataSet GetUsersSet()
		{
			return mdsUser;
		}

		public DataSet GetAllUsers()
		{
			try
			{
				DataSet ldsUser = new DataSet();
				SqlConnection lConn = new SqlConnection(GetConnectionString());
				string ls_SQL = "Select * From Users ";
				SqlDataAdapter lda = new SqlDataAdapter(ls_SQL, lConn);
				lda.Fill(ldsUser, "Users");
				mdaUserInfo = new SqlDataAdapter(ls_SQL, lConn);
				lConn.Close();
				return ldsUser;
			}
			catch (SqlException sqlEx)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At GetAllUsers method", "Sql error message: " + sqlEx.Message);
				return null;	
			}
			catch(Exception ex)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At GetUsers method", "Error message: " + ex.Message);
				return null;
			}
		}

		public DataSet GetUsers(string as_UserName)
		{
			try
			{
				DataSet ldsUser = new DataSet();
				SqlConnection lConn = new SqlConnection(GetConnectionString());
				string ls_SQL = "Select * From Users Where ID_User = '"+as_UserName+"'";
				mAdapter4Update = new SqlDataAdapter(ls_SQL, lConn);
				mdaUserInfo = new SqlDataAdapter(ls_SQL, lConn);
				mAdapter4Update.Fill(ldsUser, "Users");
				lConn.Close();
				return ldsUser;
			}
			catch (SqlException sqlEx)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At GetUsers method", "Sql error message: " + sqlEx.Message);
				return null;	
			}
			catch(Exception ex)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At GetUsers method", "Error message: " + ex.Message);
				return null;
			}
		}

		public DataSet GetUsersGroup(string as_UserName)
		{
			try
			{
				DataSet ldsUsersGroups = new DataSet();
				SqlConnection lConn = new SqlConnection(GetConnectionString());
				string ls_SQL = "Select * From UsersGroups Where ID_User = '"+as_UserName+"'";
				mdaUsersGroup = new SqlDataAdapter(ls_SQL, lConn);
				mdaUsersGroup.Fill(ldsUsersGroups, "UsersGroups");
				lConn.Close();
				return ldsUsersGroups;
			}
			catch (SqlException sqlEx)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At GetUsersGroup method", "Sql error message: " + sqlEx.Message);
				return null;	
			}
			catch(Exception ex)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At GetUsersGroup method", "Error message: " + ex.Message);
				return null;
			}
		}

		public DataSet GetUsersInGroup(string as_Group)
		{
			try
			{
				DataSet ldsUsersGroups = new DataSet();
				SqlConnection lConn = new SqlConnection(GetConnectionString());
				string ls_SQL = "Select * From UsersGroups Where ID_Group = '"+as_Group+"'";
				mdaUsersGroup = new SqlDataAdapter(ls_SQL, lConn);
				mdaUsersGroup.Fill(ldsUsersGroups, "UsersGroups");
				lConn.Close();
				return ldsUsersGroups;
			}
			catch (SqlException sqlEx)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At GetUsersGroup method", "Sql error message: " + sqlEx.Message);
				return null;	
			}
			catch(Exception ex)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At GetUsersGroup method", "Error message: " + ex.Message);
				return null;
			}
		}

		public DataSet GetGroups()
		{
			try
			{
				DataSet ldsGroups = new DataSet();
				SqlConnection lConn = new SqlConnection(GetConnectionString());
				string ls_SQL = "Select * From Groups ";
				mdaGroups = new SqlDataAdapter(ls_SQL, lConn);
				mdaGroups.Fill(ldsGroups, "Groups");
				lConn.Close();
				return ldsGroups;
			}
			catch (SqlException sqlEx)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At GetGroups method", "Sql error message: " + sqlEx.Message);
				return null;	
			}
			catch(Exception ex)
			{
				Ctrl_LOG.Print("In Ctrl Security", "At GetGroups method", "Error message: " + ex.Message);
				return null;
			}
		}

		private string GetConnectionString()
		{
			// get ConnectionString from config file
			string ls_strXmlPath = Application.StartupPath + @"\config.xml";
			System.Xml.XmlDocument doc = new System.Xml.XmlDocument();
			doc.Load(ls_strXmlPath);
			return doc.DocumentElement.ChildNodes[0].InnerText;
		}

		public string EncryptPassword(string as_RawPassword)
		{
			return Encrypt(as_RawPassword, ms_EncryptKey);
		}

		private string Encrypt(string asText, string asEncrytKey)
		{
			byte[] byKey ;
			byte[] IV = {0X12, 0X34, 0X56, 0X78, 0X90, 0XAB, 0XCD, 0XEF};

			try
			{
				//ORIGINAL LINE: byKey() = System.Text.Encoding.UTF8.GetBytes(Left(strEncrKey, 8))
				byKey = Encoding.UTF8.GetBytes(asEncrytKey.Substring(0, 8));

				DESCryptoServiceProvider des = new DESCryptoServiceProvider();
				byte[] inputByteArray = Encoding.UTF8.GetBytes(asText);
				MemoryStream ms = new MemoryStream();
				CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(byKey, IV), CryptoStreamMode.Write);
				cs.Write(inputByteArray, 0, inputByteArray.Length);
				cs.FlushFinalBlock();
				return Convert.ToBase64String(ms.ToArray());

			}
			catch (Exception ex)
			{
				return ex.Message;
			}
		}

		// Get the user access rights which user can access some funcnality in the application.
		// This method is called in the MainForm 
		public DataSet GetUserAccessRight(string as_userID)
		{
			SqlConnection lConnection  = new SqlConnection(GetConnectionString());

			try
			{
				if (lConnection.State == ConnectionState.Closed) lConnection.Open();
				SqlCommand myCommand = new SqlCommand("sp3s_GetUserAccessRight", lConnection);
				myCommand.CommandType = CommandType.StoredProcedure;
				myCommand.UpdatedRowSource = UpdateRowSource.OutputParameters;
				myCommand.CommandTimeout = 30000;

				SqlParameter lparam = new SqlParameter("@IN_id_user", SqlDbType.NVarChar, 50);
				myCommand.Parameters.Add(lparam);
				myCommand.Parameters["@IN_id_user"].Value = as_userID;
								
				DataSet mDs = new DataSet();
				SqlDataAdapter adap = new SqlDataAdapter(myCommand);
				adap.Fill(mDs, "UserRights");
				lConnection.Close();
				myCommand.Dispose();
				adap.Dispose();
				mDs.EnforceConstraints = false;
				return mDs;
			}
			catch (SqlException ex)
			{
				Ctrl_LOG.Print("Security controller", "In GetUserAccessRight method.", "SQL error message: " + ex.Message);				
				if(lConnection != null)
					lConnection.Close();
				return null;
			}
			catch(Exception ex)
			{
				Ctrl_LOG.Print("Security controller", "In GetUserAccessRight method.", "Error message: " + ex.Message);
				if(lConnection != null)
					lConnection.Close();
				return null;
			}
		}

		// Kiem tra xem User co thuoc nhom ADMIN khong?
		public bool InAdminGroup(string as_UserID)
		{
			string ls_sql = "Select UsersGroups.ID_User " +
				"  From Groups, UsersGroups " +
				" Where Groups.ID_Group = UsersGroups.ID_Group " +
				"   and UsersGroups.ID_User = '" + as_UserID + "' " +
				"   and Groups.ID_Group = 'ADMIN' ";
			bool	lb_isExist = false;
			SqlConnection lConnection  = new SqlConnection( GetConnectionString());
			try
			{
				
				if (lConnection.State == ConnectionState.Closed) lConnection.Open();
				SqlCommand myCommand = new SqlCommand(ls_sql, lConnection);
				SqlDataReader dataReader = myCommand.ExecuteReader();
				lb_isExist = dataReader.HasRows;
				dataReader.Close();
				lConnection.Close();
				myCommand.Dispose();
				return lb_isExist;
			}
			catch(SqlException sqlEx)
			{
				Ctrl_LOG.Print("Security controller", "In InAdminGroup method.", "SQL error message: " + sqlEx.Message);
				lConnection.Close();
				return false;
			}
			catch (Exception ex)
			{
				Ctrl_LOG.Print("Security controller", "In InAdminGroup method.", "Error message: " + ex.Message);
				lConnection.Close();
				return false;
			}
		}

		public string Update(DataSet adsUsers, out string as_ColName, out string as_TableName)
		{
			SqlConnection lConnection  = new SqlConnection(GetConnectionString());
			if (adsUsers == null)	
			{
				as_ColName = "";
				as_TableName = "";
				return "Users is empty";
			}
			try
			{
				SqlCommandBuilder cmdUpdate = new SqlCommandBuilder(mdaUserInfo);
				as_ColName = "";
				as_TableName = "";
				if (mdaUserInfo.Update(adsUsers, "Users") >= 0) return "";		
			}
			catch(SqlException ex)
			{
				int li_ErrorNumber	= ex.Number, li_start, li_end;
				string ls_ErrorMsg	= ex.Message;
				as_ColName = "";
				as_TableName = "";

				switch(li_ErrorNumber)
				{
					case 2627:// Duplicate 
						return "Duplicate User ID";

					case 1:// Primary key is null
						return "User ID is not empty.";

					case 515:// Column is not null
						li_start  = ls_ErrorMsg.IndexOf("'", 0);
						li_end = ls_ErrorMsg.IndexOf("'", li_start + 1);

						as_ColName = ls_ErrorMsg.Substring(li_start + 1, li_end - li_start - 1);
						return "sqlColumnNotNullMsg";

					case 547:// Violate Constraint
						li_start  = ls_ErrorMsg.IndexOf("table", 0) + 7;
						li_end = ls_ErrorMsg.IndexOf("'", li_start);

						as_TableName = ls_ErrorMsg.Substring(li_start, li_end - li_start);

						li_start  = ls_ErrorMsg.IndexOf("column", 0) + 8;
						li_end = ls_ErrorMsg.IndexOf("'", li_start);
						as_ColName = ls_ErrorMsg.Substring(li_start, li_end - li_start);
						return "Violate Constraint";

					default:
						return "SQLError" + li_ErrorNumber.ToString() + "Msg";
				}			
			}
			catch(Exception ex)
			{
				as_ColName = "";
				as_TableName = "";
				return ex.Message;
			}
			as_ColName = "";
			as_TableName = "";

			return "Database Error: --> Cannot Update Users";
		}

		public string UpdateChangePassWord(DataSet adsUsers, out string as_ColName, out string as_TableName)
		{
			SqlConnection lConnection  = new SqlConnection(GetConnectionString());
			if (adsUsers == null)	
			{
				as_ColName = "";
				as_TableName = "";
				return "Users is empty";
			}
			try
			{
				SqlCommandBuilder cmdUpdate = new SqlCommandBuilder(mAdapter4Update);
				as_ColName = "";
				as_TableName = "";
				if (mAdapter4Update.Update(adsUsers, "Users") >= 0) return "";		
			}
			catch(SqlException ex)
			{
				int li_ErrorNumber	= ex.Number, li_start, li_end;
				string ls_ErrorMsg	= ex.Message;
				as_ColName = "";
				as_TableName = "";

				switch(li_ErrorNumber)
				{
					case 2627:// Duplicate 
						return "Duplicate User ID";

					case 1:// Primary key is null
						return "User ID is not empty.";

					case 515:// Column is not null
						li_start  = ls_ErrorMsg.IndexOf("'", 0);
						li_end = ls_ErrorMsg.IndexOf("'", li_start + 1);

						as_ColName = ls_ErrorMsg.Substring(li_start + 1, li_end - li_start - 1);
						return "sqlColumnNotNullMsg";

					case 547:// Violate Constraint
						li_start  = ls_ErrorMsg.IndexOf("table", 0) + 7;
						li_end = ls_ErrorMsg.IndexOf("'", li_start);

						as_TableName = ls_ErrorMsg.Substring(li_start, li_end - li_start);

						li_start  = ls_ErrorMsg.IndexOf("column", 0) + 8;
						li_end = ls_ErrorMsg.IndexOf("'", li_start);
						as_ColName = ls_ErrorMsg.Substring(li_start, li_end - li_start);
						return "Violate Constraint";

					default:
						return "SQLError" + li_ErrorNumber.ToString() + "Msg";
				}			
			}
			catch(Exception ex)
			{
				as_ColName = "";
				as_TableName = "";
				return ex.Message;
			}
			as_ColName = "";
			as_TableName = "";

			return "Database Error: --> Cannot Update Users";
		}

		public string UpdateUsersGroup(DataSet adsUsers, out string as_ColName, out string as_TableName)
		{
			SqlConnection lConnection  = new SqlConnection(GetConnectionString());
			if (adsUsers == null)	
			{
				as_ColName = "";
				as_TableName = "";
				return "Users Groups is empty";
			}
			try
			{
				SqlCommandBuilder cmdUpdate = new SqlCommandBuilder(mdaUsersGroup);
				as_ColName = "";
				as_TableName = "";
				if (mdaUsersGroup.Update(adsUsers, "UsersGroups") >= 0) return "";		
			}
			catch(SqlException ex)
			{
				int li_ErrorNumber	= ex.Number, li_start, li_end;
				string ls_ErrorMsg	= ex.Message;
				as_ColName = "";
				as_TableName = "";

				switch(li_ErrorNumber)
				{
					case 2627:// Duplicate 
						return "Duplicate User ID";

					case 1:// Primary key is null
						return "User ID or Group ID is not empty.";

					case 515:// Column is not null
						li_start  = ls_ErrorMsg.IndexOf("'", 0);
						li_end = ls_ErrorMsg.IndexOf("'", li_start + 1);

						as_ColName = ls_ErrorMsg.Substring(li_start + 1, li_end - li_start - 1);
						return "sqlColumnNotNullMsg";

					case 547:// Violate Constraint
						li_start  = ls_ErrorMsg.IndexOf("table", 0) + 7;
						li_end = ls_ErrorMsg.IndexOf("'", li_start);

						as_TableName = ls_ErrorMsg.Substring(li_start, li_end - li_start);

						li_start  = ls_ErrorMsg.IndexOf("column", 0) + 8;
						li_end = ls_ErrorMsg.IndexOf("'", li_start);
						as_ColName = ls_ErrorMsg.Substring(li_start, li_end - li_start);
						return "Violate Constraint";

					default:
						return "SQLError" + li_ErrorNumber.ToString() + "Msg";
				}			
			}
			catch(Exception ex)
			{
				as_ColName = "";
				as_TableName = "";
				return ex.Message;
			}
			as_ColName = "";
			as_TableName = "";

			return "Database Error: --> Cannot Update Users Groups";
		}

		public string UpdateGroups(DataSet adsGroups, out string as_ColName, out string as_TableName)
		{
			SqlConnection lConnection  = new SqlConnection(GetConnectionString());
			if (adsGroups == null)	
			{
				as_ColName = "";
				as_TableName = "";
				return "Groups is empty";
			}
			try
			{
				SqlCommandBuilder cmdUpdate = new SqlCommandBuilder(mdaGroups);
				as_ColName = "";
				as_TableName = "";
				if (mdaGroups.Update(adsGroups, "Groups") >= 0) return "";		
			}
			catch(SqlException ex)
			{
				int li_ErrorNumber	= ex.Number, li_start, li_end;
				string ls_ErrorMsg	= ex.Message;
				as_ColName = "";
				as_TableName = "";

				switch(li_ErrorNumber)
				{
					case 2627:// Duplicate 
						return "Duplicate Group ID";

					case 1:// Primary key is null
						return "Group ID is not empty.";

					case 515:// Column is not null
						li_start  = ls_ErrorMsg.IndexOf("'", 0);
						li_end = ls_ErrorMsg.IndexOf("'", li_start + 1);

						as_ColName = ls_ErrorMsg.Substring(li_start + 1, li_end - li_start - 1);
						return "sqlColumnNotNullMsg";

					case 547:// Violate Constraint
						li_start  = ls_ErrorMsg.IndexOf("table", 0) + 7;
						li_end = ls_ErrorMsg.IndexOf("'", li_start);

						as_TableName = ls_ErrorMsg.Substring(li_start, li_end - li_start);

						li_start  = ls_ErrorMsg.IndexOf("column", 0) + 8;
						li_end = ls_ErrorMsg.IndexOf("'", li_start);
						as_ColName = ls_ErrorMsg.Substring(li_start, li_end - li_start);
						return "Violate Constraint";

					default:
						return "SQLError" + li_ErrorNumber.ToString() + "Msg";
				}			
			}
			catch(Exception ex)
			{
				as_ColName = "";
				as_TableName = "";
				return ex.Message;
			}
			as_ColName = "";
			as_TableName = "";

			return "Database Error: --> Cannot Update Groups";
		}

		// Delete the ObjectGroup b4 deleting the Group to avoid the contraint message.
		public bool DeleteObjectsGroup(string as_GroupID)
		{
			SqlConnection lConnection  = new SqlConnection(GetConnectionString());
			
			try
			{
				if (lConnection.State == ConnectionState.Closed) lConnection.Open();
				SqlCommand myCommand = new SqlCommand("sp3s_DeleteObjectsRight", lConnection);
				myCommand.CommandType = CommandType.StoredProcedure;
				myCommand.UpdatedRowSource = UpdateRowSource.OutputParameters;

				SqlParameter lparam = new SqlParameter("@IN_Group", SqlDbType.NVarChar, 50);
				myCommand.Parameters.Add(lparam);
				myCommand.Parameters["@IN_Group"].Value = as_GroupID;

				myCommand.ExecuteNonQuery();
				lConnection.Close();
				myCommand.Dispose();
				return true;
			}
			catch (SqlException ex)
			{
				Ctrl_LOG.Print("Security controller", "In DeleteObjectsGroup method.", "SQL error message: " + ex.Message);				
				if(lConnection != null)	lConnection.Close();
				return false;
			}
			catch(Exception ex)
			{
				Ctrl_LOG.Print("Security controller", "In DeleteObjectsGroup method.", "Error message: " + ex.Message);
				if(lConnection != null)	lConnection.Close();
				return true;
			}
		}

		public bool UpdateAccessRight(DataSet aDS_AccessRight)
		{
			if (aDS_AccessRight == null)	return false;

			SqlCommandBuilder cmdUpdate = new SqlCommandBuilder(mAdapter4Update);
            if (mAdapter4Update.Update(aDS_AccessRight, "ObjectsGroups") > 0)  
				return true;		
			
			return false;
		}

		public DataSet GetDSInGroupModule(string as_Group, string as_Module, string as_languageID, bool ab_ReportType)
		{	
			SqlConnection lConnection  = new SqlConnection(GetConnectionString());
			DataSet lDS = null;
			try
			{
				if (as_Group == "" || as_Module == "")	return null;

				string ls_sql, ls_sqlUpdate;

				if (ab_ReportType)
				{
					ls_sql = " Select ID_Group, Objects.ID_Module, " +
						"  Objects.ID_Object, Objects.Description, " + 
						"  Read_Access, Add_Access, Delete_Access, " +
						"  Modify_Access, Print_Access " +
						"  From Objects, ObjectsGroups " +
						" Where Objects.ID_Object = ObjectsGroups.ID_Object " + 
						"   And UPPER(Object_Type) = 'R' " +
						"   And Objects.ID_Module = '" + as_Module + "' " + 
						"   And ID_Group = '" + as_Group + "' " +
						"   And ID_Language = '" + as_languageID + "'" + 
						" Order By Objects.Description ASC";

                    ls_sqlUpdate = " Select ID_Object, ID_Group, ID_Module, " +
						"  Read_Access, Add_Access, Delete_Access, " +
						"  Modify_Access, Print_Access " +
						"  From ObjectsGroups " +
						" Where ID_Group = '" + as_Group + "'";
				}
				else
				{
					ls_sql = " Select ID_Group, Objects.ID_Module, " +
						"  Objects.ID_Object, Objects.Description, " + 
						"  Read_Access, Add_Access, Delete_Access, " +
						"  Modify_Access, Print_Access " +
						"  From Objects, ObjectsGroups " +
						" Where Objects.ID_Object = ObjectsGroups.ID_Object " + 
						"   And UPPER(Object_Type) = 'W' " +
						"   And Objects.ID_Module = '" + as_Module + "' " + 
						"   And ID_Group = '" + as_Group + "'" +
						"   And ID_Language = '" + as_languageID + "'" + 
						" Order By Objects.Description ASC";

                    ls_sqlUpdate = " Select ID_Object, ID_Group, ID_Module, " +
						"  Read_Access, Add_Access, Delete_Access, " +
						"  Modify_Access, Print_Access " +
						"  From ObjectsGroups " +
						" Where ID_Group = '" + as_Group + "'";
				}

				mAdapter4Update = new SqlDataAdapter(ls_sqlUpdate, lConnection);

				SqlCommand myCommand = new SqlCommand(ls_sql, lConnection);
				myCommand.CommandType = CommandType.Text;
				SqlDataAdapter adpt = new SqlDataAdapter(myCommand);

				lDS = new DataSet();
				adpt.Fill(lDS, "ObjectsGroups");
				lConnection.Close();
				myCommand.Dispose();
				adpt.Dispose();
				lDS.EnforceConstraints = false;
			}
			catch(SqlException sqlEx)
			{
				Ctrl_LOG.Print("Security controller", "In GetDSInGroupModule method.", "SQL error message: " + sqlEx.Message);
				lConnection.Close();
				lDS = null;
			}
			catch(Exception ex)
			{
				Ctrl_LOG.Print("Security controller", "In GetDSInGroupModule method.", "Error message: " + ex.Message);
				lConnection.Close();
				lDS = null;
			}
			return lDS;
		}

	}
}
